shiro与spring security用自定义异常处理401错误

236 阅读 0 评论 156 点赞

我是靠谱客的博主开心酸奶，这篇文章主要介绍shiro与spring security用自定义异常处理401错误，现在分享给大家，希望可以做个参考。

shiro与spring security自定义异常处理401

背景

现在是前后端分离的时代，后端必然要统一处理返回结果，比如定义一个返回对象

复制代码

1
2
3
4
5
6
7
8
9
10
11
12
13
public class ResponseData<T> {
    /**
     * 统一返回码
     */
    public String rtnCode;
    /**
     * 统一错误消息
     */
    public String rtnMsg;
    /**
     * 结果对象
     */
    public T rtnData;

对于所有异常都有对应的rtnCode对应,而不需要框架默认处理如返回

这时候前端同学就不开心了，都已经有rtnCode了，为啥http的status还要弄个401而不是200。

解决方案

一般的业务异常在springboot项目中新建一个统一处理类去处理即可，如

复制代码

1
2
3
4
5
6
7
8
9
@ControllerAdvice
public class DefaultExceptionHandler {
    /**
     * 异常统一处理
     */
    @ExceptionHandler({Exception.class})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    public ResponseData allException(Exception e) {

大部分情况都能捕获到从而如期返回json对象数据，但是某些权限框架抛出的异常如401等等，不会被拦截到，这时候就需要再建一个类去处理这种情况，代码如下

复制代码

package com;
import com.vo.ResponseData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.web.ErrorAttributes;
import org.springframework.boot.autoconfigure.web.ErrorController;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
/**
 * spring security 异常处理
 */
@RestController
public class CustomErrorController implements ErrorController {
	private static final String PATH = "/error";
    @Autowired
    private ErrorAttributes errorAttributes;
    @RequestMapping(value = PATH)
    ResponseData error(HttpServletRequest request, HttpServletResponse response) {
        // Appropriate HTTP response code (e.g. 404 or 500) is automatically set by Spring. 
        // Here we just define response body.
    	Map<String, Object> errorMap = getErrorAttributes(request);
        ResponseData d= new ResponseData(response.getStatus()+"", errorMap.get("message").toString());
        response.setStatus(HttpServletResponse.SC_OK);
        return d;
    }
    @Override
    public String getErrorPath() {
        return PATH;
    }
    private Map<String, Object> getErrorAttributes(HttpServletRequest request) {
        RequestAttributes requestAttributes = new ServletRequestAttributes(request);
        return errorAttributes.getErrorAttributes(requestAttributes, false);
    }
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package com;
import com.vo.ResponseData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.web.ErrorAttributes;
import org.springframework.boot.autoconfigure.web.ErrorController;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
/**
 * spring security 异常处理
 */
@RestController
public class CustomErrorController implements ErrorController {
	private static final String PATH = "/error";
    @Autowired
    private ErrorAttributes errorAttributes;
    @RequestMapping(value = PATH)
    ResponseData error(HttpServletRequest request, HttpServletResponse response) {
        // Appropriate HTTP response code (e.g. 404 or 500) is automatically set by Spring. 
        // Here we just define response body.
    	Map<String, Object> errorMap = getErrorAttributes(request);
        ResponseData d= new ResponseData(response.getStatus()+"", errorMap.get("message").toString());
        response.setStatus(HttpServletResponse.SC_OK);
        return d;
    }
    @Override
    public String getErrorPath() {
        return PATH;
    }
    private Map<String, Object> getErrorAttributes(HttpServletRequest request) {
        RequestAttributes requestAttributes = new ServletRequestAttributes(request);
        return errorAttributes.getErrorAttributes(requestAttributes, false);
    }
}

SpringBoot整合Shiro自定义filter报错

No SecurityManager accessible to the calling code...

最近在用springboot整合shiro,在访问时出现了No SecurityManager accessible to the calling code…

报错：

产生原因

自定义的SysUserFilter加载顺序在ShiroFilter之前，导致出现No SecurityManager accessible to the calling code…

解决办法

shiroFilter()的加载先于自定义的SysUserFilter

小结一下

出现No SecurityManager accessible to the calling code…问题的原因可能有很多，而我这个是因为将自定义的Filter在ShiroFitler之前加载。

ShiroFilter 是整个 Shiro 的入口点，用于拦截需要安全控制的请求进行处理，当自定义的filter先于shiroFilter加载，而shiroFilter里又使用到该自定义filter时，就会导致调用该自定义filter进行预处理时访问不到SecurityManager，也就是文中所出现的错误。

以上为个人经验，希望能给大家一个参考，也希望大家多多支持靠谱客。